Monday, January 03, 2011

toolsmith: Armitage - Cyber Attack Management for Metasploit

Raphael Mudge's Armitage is the subject of January 2011's toolsmith in the ISSA Journal.Armitage is a "cyber attack management" platform for Metasploit.Depending on your background or the availability of commercial tools in your environment (Core, Canvas, etc.), your comfort with Metasploit likely varieswith the depth of your experience. Armitage1 is designed to help close some of the experience or comfort gaps, described by the developer as useful for “non-hackers”.For use as a demonstration tool to elucidate vulnerabilities and their exploit to management or customers, Armitage is excellent.Basic Armitage workflow (should be familiar to all pentesters):Create a workspace, conduct or import scans, identify vulnerabilities, determine appropriate attacks, gain access, and further your presence in the environment.I've always loved the premise of attack pivoting. Gain a foothold on one system, them jump off to another host or network. Armitage definitely supports such thinking. ;-)Download Backtrack 4 R2, install Armitage, and see what you think. I enjoyed testing it for this article immensely; I believe you'll find it equally useful.Download the article here.

What is the best Toolmsith tool of the last ten years?

ASJA Awards Prize Winning Article

Subscribe To HolisticInfoSec

About Me

Russ McRee runs the Blue Team for Microsoft's Windows and Devices Group (WDG). He writes the monthly column toolsmith. Russ has spoken infosec events such Defcon, Black Hat, RSA,and FIRST and has published in the likes of Information Security, Linux Magazine, (IN)SECURE, and SysAdmin. As an advocate of a holistic approach to information security, Russ' website is holisticinfosec.org.
He also serves as a volunteer handler for the SANS Internet Storm Center.